End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs (Hardcover)

Description:

Best-practice QoS designs for protecting voice, video, and critical data while mitigating network denial-of-service attacks

• Understand the service-level requirements of voice, video, and data applications
• Examine strategic QoS best practices, including Scavenger-class QoS tactics for DoS/worm mitigation
• Learn about QoS tools and the various interdependencies and caveats of these tools that can impact design considerations
• Learn how to protect voice, video, and data traffic using various QoS mechanisms
• Evaluate design recommendations for protecting voice, video, and multiple classes of data while mitigating DoS/worm attacks for the following network infrastructure architectures: campus LAN, private WAN, MPLS VPN, and IPSec VPN

Quality of Service (QoS) has already proven itself as the enabling technology for the convergence of voice, video, and data networks. As business needs evolve, so do the demands for QoS. The need to protect critical applications via QoS mechanisms in business networks has escalated over the past few years, primarily due to the increased frequency and sophistication of denial-of-service (DoS) and worm attacks.

End-to-End QoS Network Design is a detailed handbook for planning and deploying QoS solutions to address current business needs. This book goes beyond discussing available QoS technologies and considers detailed design examples that illustrate where, when, and how to deploy various QoS features to provide validated and tested solutions for voice, video, and critical data over the LAN, WAN, and VPN.

The book starts with a brief background of network infrastructure evolution and the subsequent need for QoS. It then goes on to cover the various QoS features and tools currently available and comments on their evolution and direction. The QoS requirements of voice, interactive and streaming video, and multiple classes of data applications are presented, along with an overview of the nature and effects of various types of DoS and worm attacks. QoS best-practice design principles are introduced to show how QoS mechanisms can be strategically deployed end-to-end to address application requirements while mitigating network attacks. The next section focuses on how these strategic design principles are applied to campus LAN QoS design. Considerations and detailed design recommendations specific to the access, distribution, and core layers of an enterprise campus network are presented. Private WAN QoS design is discussed in the following section, where WAN-specific considerations and detailed QoS designs are presented for leased-lines, Frame Relay, ATM, ATM-to-FR Service Interworking, and ISDN networks. Branch-specific designs include Cisco(r) SAFE recommendations for using Network-Based Application Recognition (NBAR) for known-worm identification and policing. The final section covers Layer 3 VPN QoS design-for both MPLS and IPSec VPNs. As businesses are migrating to VPNs to meet their wide-area networking needs at lower costs, considerations specific to these topologies are required to be reflected in their customer-edge QoS designs. MPLS VPN QoS design is examined from both the enterprise and service provider's perspectives. Additionally, IPSec VPN QoS designs cover site-to-site and teleworker contexts.

Whether you are looking for an introduction to QoS principles and practices or a QoS planning and deployment guide, this book provides you with the expert advice you need to design and implement comprehensive QoS solutions.

This book is part of the Networking Technology Series from Cisco Press‚ which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

 

Table of Contents:

Introduction.

I. INTRODUCTION TO QoS.

1. Introduction to QoS.

    A Brief Historical Perspective.

    QoS Evolution.

    User Network Expectations.

      End User.

      Information Technologies Management.

    Understanding QoS.

      End-to-End QoS.

       All Packets Are (Not) Equal.

      The Challenges of Converged Networks.

    QoS Models.

      IntServ Overview.

      DiffServ Overview.

    Introduction to the QoS Toolset.

    Simplifying QoS.

      Modular QoS Command-Line Interface.

      QoS Baseline.

      Default Behavior.

      Cross-Platform Feature Consistency.

      Automatic QoS.

    If I Have AutoQoS, Why Should I Be Reading This Book?

    The Continuing Evolution of QoS.

    Summary.

    Further Reading.

      General.

      IntServ.

       DiffServ.

      AutoQoS.

2. QoS Design Overview.

    QoS Requirements of VoIP.

      Voice (Bearer Traffic).

      Call-Signaling Traffic.

    QoS Requirements of Video.

      Interactive-Video.

      Streaming-Video.

    QoS Requirements of Data.

      Best-Effort Data.

      Bulk Data.

      Transactional Data/Interactive Data.

      Locally Defined Mission-Critical Data.

      DLSw+ Considerations.

    QoS Requirements of the Control Plane.

      IP Routing.

      Network-Management.

    Scavenger Class.

    DoS and Worm Mitigation Strategy Through Scavenger Class QoS.

    Principles of QoS Design.

      General QoS Design Principles.

      Classification and Marking Principles.

      Policing and Markdown Principles.

      Queuing and Dropping Principles.

      DoS and Worm Mitigation Principles.

      Deployment Principles.

    Summary.

    Further Reading.

II. QoS TOOLSET.

3. Classification and Marking Tools.

    Classification Tools.

      Modular QoS Command-Line Interface Class Maps.

      Network-Based Application Recognition.

    Marking Tools.

      Class-Based Marking.

      Class-Based Policing.

      Committed Access Rate.

      Policy-Based Routing.

      Voice Gateway Packet Marking.

      Layer 2 Marking Fields.

      Layer 3 Marking Fields.

      Translating Layer 2 and Layer 3 Packet Markings.

    Summary.

    Further Reading.

      General.

      DiffServ.

      L2 Protocol Tunneling.

      VPN.

      NBAR.

      MPLS.

      IP–ATM/Frame Relay Bundles.

      Level 2 to Level 3 Packet-Marking Translation.

4. Policing and Shaping Tools.

    Token Bucket Algorithms.

    Policers.

      Policers as Markers.

      Committed Access Rate.

      Class-Based Policing.

    Shapers.

      Shaping Algorithms.

      Shaping on ATM and Frame Relay Networks.

      Generic Traffic Shaping.

      Class-Based Shaping.

    Further Reading.

      DiffServ Policing Standards.

      Policing.

      ATM PVC Traffic Parameters.

      Frame Relay Traffic Shaping.

      Traffic Shaping.

5. Congestion-Management Tools.

    Understanding Scheduling and Queuing.

    Legacy Layer 3 Queuing Mechanisms.

      Priority Queuing.

      Custom Queuing.

      Weighted Fair Queuing.

      IP RTP Priority Queuing.

    Currently Recommended Layer 3 Queuing Mechanisms.

      Class-Based Weighted Fair Queuing.

      Low-Latency Queuing.

    Layer 2 Queuing Tools.

      Frame Relay Dual-FIFO.

      PVC Interface Priority Queuing.

    Tx-ring.

    PAK_priority.

    Summary.

    Further Reading.

      Layer 3 Queuing.

      Layer 2 Queuing.

      Tx-ring.

      PAK_priority.

6. Congestion-Avoidance Tools.

    Random Early Detection.

    Weighted Random Early Detection.

    DSCP-Based Weighted Random Early Detection.

    Explicit Congestion Notification.

    Summary.

    Further Reading.

       DiffServ Standards Relating to WRED.

      Cisco IOS WRED Documentation.

7. Link-Specific Tools.

    Header-Compression Techniques.

      Related Standards.

      TCP Header Compression.

      RTP Header Compression.

      Compression Formats.

      Layer 2 Encapsulation Protocol Support.

      Summary of cRTP Formats and Protocol Encapsulations.

      Class-Based Header Compression.

      Advanced Topics on cRTP.

    Link Fragmentation and Interleaving.

      Fragment Sizes.

      Multilink PPP LFI.

       Frame-Relay Fragmentation.

      LFI for Frame Relay/ATM Service Interworking.

      IPSec Prefragmentation.

    Summary.

    Further Reading.

      General.

      IETF Standards.

      Frame Relay Forum Standards.

      Header Compression.

      Link Fragmentation and Interleaving.

8. Bandwidth Reservation.

    RSVP Overview.

      RSVP Service Types.

      Admission Control.

      RSVP and LLQ.

    MPLS Traffic Engineering.

    Scalability.

    RSVP-DiffServ Integration.

    Endpoints and Proxies.

     Summary.

    Further Reading.

      Standards.

      Cisco IOS Documentation.

9. Call Admission Control (CAC).

    CAC Overview.

    CAC Defined.

    CAC Tool Categories.

      Local CAC Tools.

      Measurement-Based CAC Tools.

      Resource-Based CAC Tools.

    CallManager Locations CAC.

    Gatekeeper CAC.

    RSVP.

      Example of VoIP CAC Through RSVP.

    Summary.

    Further Reading.

      General.

      Cisco IOS Documentation.

10. Catalyst QoS Tools.

    Generic Catalyst QoS Models.

      Classification, Marking, and Mapping.

      Policing and Markdown.

      Queuing and Dropping.

    Catalyst 2950.

      Catalyst 2950 Classification, Marking, and Mapping.

      Catalyst 2950 Policing and Markdown.

      Catalyst 2950 Queuing.

    Catalyst 3550.

      Catalyst 3550 Classification, Marking, and Mapping.

      Catalyst 3550 Policing and Markdown.

      Catalyst 3550 Queuing and Dropping.

    Catalyst 2970, 3650, and 3750.

      Catalyst 2970/3560/3750 Classification, Marking, and Mapping.

      Catalyst 2970/3560/3750 Policing and Markdown.

      Catalyst 2970/3560/3750 Queuing and Dropping.

    Catalyst 4500.

      Catalyst 4500 Classification, Marking, and Mapping.

      Catalyst 4500 Policing and Markdown.

      Catalyst 4500 Queuing and Dropping.

    Catalyst 6500.

      Catalyst 6500 Classification, Marking, and Mapping.

      Catalyst 6500 Policing and Markdown.

      Catalyst 6500 Queuing and Dropping.

    Summary.

    Further Reading.

11. WLAN QoS Tools.

    QoS for Wireless LANs Versus QoS on Wired LANs.

    Upstream Versus Downstream QoS.

    IEEE 802.11 DCF.

      Interframe Spaces.

      Random Backoffs/Contention Windows.

    IEEE 802.11e EDCF.

      QoS Basic Service Set Information Element.

    IEEE 802.1D Classes of Service.

    QoS Operation on Cisco APs.

    Configuring QoS on Cisco APs.

    Summary.

    Further Reading.

III. LAN QoS DESIGN.

12. Campus QoS Design.

    DoS/Worm-Mitigation Strategies.

      Scavenger-Class QoS Operation.

    Call-Signaling TCP/UDP Ports in Use.

    Access-Edge Trust Models.

      Trusted Endpoint Models.

      Untrusted Endpoint Models.

      Conditionally Trusted Endpoint(s) Models.

     Catalyst 2950 QoS Considerations and Design.

      Catalyst 2950: Trusted Endpoint Model.

      Catalyst 2950: Untrusted PC with SoftPhone Model.

      Catalyst 2950: Untrusted Server Model.

      Catalyst 2950: Conditionally Trusted IP Phone + PC: Basic Model.

      Catalyst 2950: Conditionally Trusted IP Phone + PC: Advanced Model.

      Catalyst 2950: Queuing.

    Catalyst 3550 QoS Considerations and Design.

      Catalyst 3550: Trusted Endpoint Model.

      Catalyst 3550: Untrusted PC with SoftPhone Model.

      Catalyst 3550: Untrusted Server Model.

      Catalyst 3550: Conditionally Trusted IP Phone + PC: Basic Model.

      Catalyst 3550: Conditionally Trusted IP Phone + PC: Advanced Model.

      Catalyst 3550: Queuing and Dropping.

    Catalyst 2970/3560/3750 QoS Considerations and Design.

      Catalyst 2970/3560/3750: Trusted Endpoint Model.

      Catalyst 2970/3560/3750: Untrusted PC with SoftPhone Model.

      Catalyst 2970/3560/3750: Untrusted Server Model.

      Catalyst 2970/3560/3750: Conditionally Trusted IP Phone + PC: Basic Model.

      Catalyst 2970/3560/3750: Conditionally Trusted IP Phone + PC: Advanced Model.

      Catalyst 2970/3560/3750: Queuing and Dropping.

    Catalyst 4500-SupII+/III/IV/V QoS Considerations and Design.

      Catalyst 4500: Trusted Endpoint Model.

      Catalyst 4500: Untrusted PC with SoftPhone Model.

      Catalyst 4500: Untrusted Server Model.

      Catalyst 4500: Conditionally Trusted IP Phone + PC: Basic Model.

      Catalyst 4500: Conditionally Trusted IP Phone + PC: Advanced Model.

      Catalyst 4500: Queuing.

    Catalyst 6500 QoS Considerations and Design.

      Catalyst 6500: CatOS Defaults and Recommendations.

      Catalyst 6500: Trusted Endpoint Model.

      Catalyst 6500: Untrusted PC with SoftPhone Model.

      Catalyst 6500: Untrusted Server Model.

      Catalyst 6500: Conditionally Trusted IP Phone + PC: Basic Model.

      Catalyst 6500: Conditionally Trusted IP Phone + PC: Advanced Model.

      Catalyst 6500: Queuing and Dropping.

      Catalyst 6500: PFC3 Distribution-Layer (Cisco IOS) Per-User Microflow Policing.

    WAN Aggregator/Branch Router Handoff Considerations.

    Case Study: Campus QoS Design.

    Summary.

    Further Reading.

IV. WAN QoS DESIGN.

13. WAN Aggregator QoS Design.

    Where Is QoS Needed over the WAN?

    WAN Edge QoS Design Considerations.

      Software QoS.

      Bandwidth Provisioning for Best-Effort Traffic.

      Bandwidth Provisioning for Real-Time Traffic.

      Serialization.

      IP RTP Header Compression.

      Tx-ring Tuning.

      PAK_priority.

      Link Speeds.

      Distributed Platform QoS and Consistent QoS Behavior.

    WAN Edge Classification and Provisioning Models.

      Slow/Medium Link-Speed QoS Class Models.

      High Link Speed QoS Class Models.

    WAN Edge Link-Specific QoS Design.

      Leased Lines.

      Frame Relay.

      ATM.

      ATM-to-Frame Relay Service Interworking.

      ISDN.

    Case Study: WAN Aggregation Router QoS Design.

    Summary.

    Further Reading.

14. Branch Router QoS Design.

    Branch WAN Edge QoS Design.

      Unidirectional Applications.

    Branch Router LAN Edge QoS Design.

      DSCP-to-CoS Remapping.

      Branch-to-Campus Classification and Marking.

      NBAR Known-Worm Classification and Policing.

    Case Study: Branch Router QoS Design.

    Summary.

    Further Reading.

V. VPN QoS DESIGN.

15. MPLS VPN QoS Design.

    Where Is QoS Needed over an MPLS VPN?

    Customer Edge QoS Design Considerations.

      Layer 2 Access (Link-Specific) QoS Design.

      Service-Provider Service-Level Agreements.

      Enterprise-to-Service Provider Mapping Models.

    Provider-Edge QoS Considerations.

      Service Provider-to-Enterprise Models.

      MPLS DiffServ Tunneling Modes.

    Core QoS Considerations.

      Aggregate Bandwidth Overprovisioning.

      DiffServ in the Backbone.

      MPLS Traffic Engineering.

    Case Study: MPLS VPN QoS Design (CE/PE/P Routers).

    Summary.

    Further Reading.

16. IPSec VPN QoS Design.

    Site-to-Site V3PN QoS Considerations.

      IPSec VPN Modes of Operation.

      Packet Overhead Increases.

      cRTP and IPSec Incompatibility.

      Prefragmentation.

      Bandwidth Provisioning.

      Logical Topologies.

      Delay Budget Increases.

      ToS Byte Preservation.

      QoS Pre-Classify.

      Pre-Encryption Queuing.

      Anti-Replay Implications.

      Control Plane Provisioning.

    Site-to-Site V3PN QoS Designs.

    Headend VPN Edge QoS Options for Site-to-Site V3PNs.

    Teleworker V3PN QoS Considerations.

      Teleworker Deployment Models.

      Broadband-Access Technologies.

      Bandwidth Provisioning.

      Asymmetric Links and Unidirectional QoS.

      Broadband Serialization Mitigation Through TCP Maximum Segment Size Tuning.

      Split Tunneling.

    Teleworker V3PN QoS Designs.

    Case Study: IPSec VPN QoS Design.

    Summary.

    Further Reading.

Appendix. QoS “At-A-Glance” Summaries.

Index.

描述：
最佳實踐的 QoS 設計，用於保護語音、視頻和關鍵數據，同時減輕網絡阻斷服務攻擊。

- 了解語音、視頻和數據應用的服務水平要求
- 檢查戰略性的 QoS 最佳實踐，包括用於防止 DoS/蠕蟲攻擊的Scavenger-class QoS 策略
- 了解 QoS 工具以及這些工具的各種相互依賴和注意事項，這些可能會影響設計考慮
- 學習如何使用各種 QoS 機制保護語音、視頻和數據流量
- 評估保護語音、視頻和多類數據的設計建議，同時減輕 DoS/蠕蟲攻擊，適用於以下網絡基礎架構：校園局域網、私有廣域網、MPLS VPN 和 IPSec VPN。

品質服務（QoS）已經證明自己是實現語音、視頻和數據網絡融合的技術。隨著業務需求的演變，對 QoS 的需求也在增加。在過去幾年中，由於阻斷服務（DoS）和蠕蟲攻擊的頻率和複雜性增加，保護關鍵應用程序的需求通過 QoS 機制在企業網絡中不斷升級。

《端到端 QoS 網絡設計》是一本詳細的手冊，用於規劃和部署 QoS 解決方案以滿足當前的業務需求。本書不僅討論了可用的 QoS 技術，還考慮了詳細的設計示例，以說明何時、何地和如何部署各種 QoS 功能，以提供經過驗證和測試的解決方案，用於局域網、廣域網和虛擬私有網絡中的語音、視頻和關鍵數據。

本書首先簡要介紹了網絡基礎架構演進的背景，以及隨後對 QoS 的需求。然後，它介紹了目前可用的各種 QoS 功能和工具，並評論了它們的演進和方向。介紹了語音、互動和流媒體視頻以及多類數據應用的 QoS 要求，以及各種類型的 DoS 和蠕蟲攻擊的性質和影響的概述。引入了 QoS 最佳實踐設計原則，以展示如何在應用需求和網絡攻擊減輕的同時，端到端地戰略性地部署 QoS 機制。接下來的部分專注於如何將這些戰略設計原則應用於校園局域網 QoS 設計。介紹了企業校園網絡的接入、分發和核心層的考慮因素和詳細設計建議。接下來的部分討論了私有廣域網 QoS 設計，在這一部分中，介紹了專門針對租用線路、幀中繼、ATM、ATM-to-FR 服務互通和 ISDN 網絡的考慮因素和詳細的 QoS 設計。分支機構特定的設計包括使用基於網絡的應用識別（NBAR）進行已知蠕蟲識別和流量控制的 Cisco(r) SAFE 建議。最後一部分涵蓋了第 3 層 VPN QoS 設計-對於 MPLS 和 IPSec VPN。隨著企業遷移到 VPN 以以更低的成本滿足其廣域網絡需求，這些拓撲的特定考慮因素需要反映在其客戶邊緣 QoS 設計中。從企業和服務提供商的角度檢查了 MPLS VPN QoS 設計。此外，IPSec VPN QoS 設計涵蓋了站點到站點和遠程工作者的情境。